CVE-2020-18032

Summary

CVE	CVE-2020-18032
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-29 18:15:00 UTC
Updated	2023-11-07 03:19:00 UTC
Description	Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Graphviz	Graphviz	All	All	All	All
Application	Graphviz	Graphviz	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 33 Update: graphviz-2.44.0-14.fc33.2 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[dot]heap-over-flow(off-by-null) in lib/common/shapes.c (#1700) · Issues · graphviz / graphviz · GitLab	MISC	gitlab.com
Debian -- Security Information -- DSA-4914-1 graphviz	DEBIAN	www.debian.org
[SECURITY] Fedora 34 Update: graphviz-2.44.0-18.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: graphviz-2.44.0-18.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: graphviz-2.44.0-14.fc33.2 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Graphviz: Multiple vulnerabilities (GLSA 202107-04) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 2659-1] graphviz security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159479 Oracle Enterprise Linux Security Update for graphviz (ELSA-2021-4256)
178596 Debian Security Update for graphviz (DLA 2659-1)
178616 Debian Security Update for graphviz (DSA 4914-1)
178631 Debian Security Update for graphviz (DSA 4914-1)
199473 Ubuntu Security Notification for Graphviz Vulnerabilities (USN-5971-1)
239814 Red Hat Update for graphviz (RHSA-2021:4256)
281099 Fedora Security Update for graphviz (FEDORA-2021-ede783f2b6)
281100 Fedora Security Update for graphviz (FEDORA-2021-5fb7be1fbf)
296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
352478 Amazon Linux Security Advisory for graphviz: ALAS-2021-1513
353092 Amazon Linux Security Advisory for graphviz : AL2012-2021-353
500237 Alpine Linux Security Update for graphviz
501417 Alpine Linux Security Update for graphviz
501744 Alpine Linux Security Update for graphviz
503985 Alpine Linux Security Update for graphviz
670538 EulerOS Security Update for graphviz (EulerOS-SA-2021-2296)
670617 EulerOS Security Update for graphviz (EulerOS-SA-2021-2375)
670740 EulerOS Security Update for graphviz (EulerOS-SA-2021-2498)
670770 EulerOS Security Update for graphviz (EulerOS-SA-2021-2528)
670794 EulerOS Security Update for graphviz (EulerOS-SA-2021-2552)
710072 Gentoo Linux Graphviz Multiple vulnerabilities (GLSA 202107-04)
750020 SUSE Enterprise Linux Security Update for graphviz (SUSE-SU-2021:1651-1)
750023 SUSE Enterprise Linux Security Update for graphviz (SUSE-SU-2021:1646-1)
750200 OpenSUSE Security Update for graphviz (openSUSE-SU-2021:0757-1)
750796 OpenSUSE Security Update for graphviz (openSUSE-SU-2021:1651-1)
900374 Common Base Linux Mariner (CBL-Mariner) Security Update for graphviz (5484)
901239 Common Base Linux Mariner (CBL-Mariner) Security Update for graphviz (6454-1)
940097 AlmaLinux Security Update for graphviz (ALSA-2021:4256)
960212 Rocky Linux Security Update for graphviz (RLSA-2021:4256)